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SYSTEM AND METHOD FOR AUTHENTICATING SIGNATURES \ 
FIELD OF THE INVENTION ^ 

The present invention relates to a system and method for 
authenticating signatures in general and, in particular, to a 
5 system and method for authenticating signatures transmitted 
over digital communication lines. 

BACKGROUND OF THE INVENTION 

In the field of computer graphics, it is known to use a 

10 digitizer to convert graphical data into electronic data for 
a computer. A user draws with an electronic pen on the 
digitizer tablet, and the digitizer converts the graphical 
data to electric signals. Such digitizers are used today for 
inputting data to computers, similar to a mouse. 

15 There are many occasions in which it is necessary to 

authenticate the signature of a person signing a document in 
order to ensure that the signatory is indeed the person whose 
name is being signed. One particular application is the field 
of credit cards, wherein sums of money change hands in 

20 reliance on the signature of the card holder. In the event 
that a card is stolen, a person who can forge the 
cardholder' s signature can charge items against the 
cardholder's bank account. Similarly, when purchases "are made 
over the telephone, the number and expiration date of the 

25 card are read to the vendor, but there is no way to verify 
whether the caller is an authorized user of the earth 

This problem has reached new heights with the advent of 
the Internet, where sales are transacted by means of 
transmitting the number and expiration date of the credit 

30 card only, without any means of verifying the origin of the 
purchase. Since these communication lines are open, it is 
easy for a hacker to determine the number and expiration date 
of someone else's credit card which were transmitted over his 
modem, and to use that credit card for unauthorized 

35 purchases. 
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Authentication of signatures by means of a graphical 
image (or bitmap) is not a solution because a photocopy of 
the signature looks authentic and cannot be detected. 

Accordingly, there is a long felt need for and it would 
5 be very desirable to have a method of authenticating the 
signature of a person, particularly a person using a credit 
card, both in a conventional sales transaction in a store, 
and over transmission lines, such as the Internet. 

10 SUMMARY OF THE INVENTION 

According to the present invention, there is provided a 
system for authenticating a signature including a digitizer, 
an electronic pen, a dynamic identification unit for 
«F* measuring vectors produced during signature by the electronic 

Qj 15 pen on the digitizer, and a comparator for comparing the 

vectors produced during signature with a reference signature. 
\| According to a preferred embodiment, the system also 

includes an encryptor for encrypting a signature record and a 
;t| decoder for decoding the encrypted signature record. 

20 According to another preferred embodiment, the reference 

P signature record is stored on an IC (integrated chip) card. 

In accordance with the present invention, there is also 
provided a method of authenticating a signature including the 
steps of 

25 providing a reference signature record, 

signing with an electronic pen on a digitizer tablet, 
calculating parameters from data produced during signing 
on the 'digitizer tablet; 

comparing the parameters produced during signature with 
30 a reference signature record; and 

providing an accept or reject response in accordance 
with results of the comparison. 

According to a preferred embodiment, the method also 
includes the steps of encrypting the calculated parameters 
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with a encryption key, and decrypting the encrypted data 
before comparing the parameters. 

Further according to a preferred embodiment, the method 
includes the step of transmitting the calculated parameters 
5 over a transmission line to a remote location before the step 
of comparing . 



BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention will be further understood and 
10 appreciated from the following detailed description taken in 
conjunction with the drawings in which: 

Fig. 1 is a schematic illustration of a signature 
authentication system according to one embodiment of the 
present invention; 
15 Fiq. 2 is a schematic illustration of a signature 

n authentication system according to embodiment of the 

present invention ; 

Fig. 3 is a flow chart of a method of providing a 
reference signature according to the invention; 
20 Fig. 4 is a flow chart of a method of authenticating a 

signature ; 

Fig. 5 is a detail of a method of comparing the 
signature in the method of Fig. 4; and 

Fig. 6 is a flow chart of a method of updating a 
25 reference signature. 

DETAILED DESCRIPTION OF THE INVENTION 

The present invention relates to a system and method for 
authenticating signatures, the system and method being 

30 suitable also for authenticating signatures transmitted over 
communication lines. The present invention uses signature 
vector recognition and is based on the use of a digitizer 
together with software in a dynamic identification unit which 
calculates parameters based on data produced during signature 

35 by the electronic pen on the digitizer tablet. These 



parameters, which are unique to each person when he signs his 
own name, are compared with the parameters in a reference 
signature record, or personal signature profile, which is 
based on data produced during a number of signatures, to 
determine whether the signature is authentic (i.e., signature 
by the authorized signatory) or forged. 

For purposes of the present invention, a digitizer 
refers to any device which converts a location on an X,Y 
tablet, possibly with the angle of the pen and the pressure 
on the pen, to a numerical value, and an electronic pen is 
any device by which a person can write or sign on a digitizer 
tablet such that parameters of his handwriting can be 
detected by the digitizer. It will be appreciated that the 
system can be used to authenticate the handwriting of any 
predetermined word or words for which a reference record is 
made. Since the most common words used to identify a person 
are his signature, the present application refers to 
signatures, by way of non-limiting example, only. 

It will be appreciated that there are many instances 
when it is desirable to authenticate the signature of a 
signatory, both in legal and business matters. The invention 
will be described hereinbelow with relation to credit cards, 
for which it is particularly suitable, by way of example 
only, but those skilled in the art will appreciate that it 
can also be applied in any other instance of signature 
verification where the system components can be made 
available . 

When transmitting the signature over transmission lines 
for acceptance, as by a bank or credit card company, 
additional security can be provided by encrypting the 
signature with a secret key, known only to the signatory and 
the bank, which cannot be determined by downloading the data 
containing the signature signals from the transmission line. 

Referring now to Fig. 1, there is shown a schematic 
illustration of a system for authenticating a signature 



constructed and operative in accordance with one embodiment 
of the invention. The system includes a digitizer 10 with an 
associated electronic pen 12 coupled to a computer 14 for 
authenticating a signature at the time and place of 
5 signature. This system is particularly suitable for point of 
sale use. Digitizer 10 can be any conventional digitizer, 
such as a Wacom Digitizer, manufactured by Wacom Co. Ltd., 
Japan . 

The signatory carries an Integrated Chip (IC) card, or 
10 smart card 15 on which is stored a reference signature 
record, or personal signature profile, for the signatory. 
Computer 14 includes a comparator 17, which compares the 
signature to be authenticated with the reference signature 
record stored on IC card 15. If the signature is within 
15 predefined tolerances of the reference signature, comparator 
17 sends an accept signal to computer 14. If the signature is 
not within the predefined tolerances of the reference 
signature, comparator 17 sends a reject signal to computer 
14 . 

20 Referring now to Fig. 2, there is shown a schematic 

illustration of a system for authenticating a signature 
constructed and operative in accordance with an alternative 
embodiment of the invention. The system includes a digitizer 
10' with an associated electronic pen 12' coupled to a 

25 computer 14' having a modem (not shown) for transmitting data 
from computer 14' to a remote location 16, generally a bank 
or credit card company in the present example. 

At remote location 16, the data is received by a dynamic 
identification unit 20 arranged to receive the data produced 

30 during signature by the electronic pen on the digitizer 
tablet and calculate therefrom a table of parameters which 
constitutes a signature record. The result is provided to a 
comparator 22 which compares the signature to be 
authenticated with a reference signature record, or personal 

35 signature profile, stored in its memory 24. If the signature 

5 



is within predefined tolerances of the reference signature, 
comparator 22 sends an accept signal to computer 14' . If the 
signature is not within the predefined tolerances of the 
reference signature, comparator 22 sends a reject signal to 
5 computer 14 ' . 

Operation of the system of the invention is as follows. 
First, a reference signature record, or personal signature 
profile, must be provided for the bank or credit card company 
or other body which must accept or reject the signature, as 

10 shown in Fig. 2. This is done at the time of opening an 
account or requesting a credit card. The user signs his name 
on a digitizer tablet coupled to the computer of the credit 
card company. The pen position over the tablet is recorded by 
the computer to produce vectors, and a mathematical analysis 

15 is performed to learn the following parameters at any given 
time during the signature process: 

pen position (X,Y coordinates) over the tablet; 
sequences of drawing: number of letters, relative 
position, and time to draw; 

20 acceleration and deceleration during signature; 

direction changes . 
Optionally the computer can also calculate pen tilt relative 
to the tablet and pen ^pressure, _Lf the digitizer used is 
^ capable of providing 1 thio- data. - The digitizer data of the 

25 signature are input 30 to - the - dynamic identification unit in 
the computer. The dynamic identification unit records 32 the 
parameters of the signature. The recorded parameters are 
arranged 34 in a table of parameters. This process is 
repeated 36 a predetermined number of times, for example 

30 between 5 and 10, so as to permit the dynamic identification 
unit to calculate the tolerances 38 associated with the 
variations in the individual's signature, which is never 
identical. It will be appreciated that the range of 
acceptable variations in a personal signature profile will 

35 vary from person to person. Once the parameter table and 
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tolerances have been determined, these are stored in the 
computer memory for later reference as the reference 
signature record. It will be appreciated that, preferably, 
the personal signature profile consists of an array of 
parameters and logical tolerances or permitted variations, 
not an "average" signature. 

A personal ID code is also recorded 39 together with the 
signature vector table. This personal ID code serves as an 
encryption key to provide additional security for signature 
data transmitted over transmission lines. This encryption key 
can be any string selected by the user which is known only to 
him and the credit card company. While the password selected 
by the credit card company, which is used in cash machines, 
etc. in conventional credit card authentication systems, can 
be used as the encryption key, it is preferable to select a 
key which does not appear on the card. One example of a 
suitable encryption key is the user's birthdate. 

It is a particular feature of the invention that the 
dynamic identification unit will recognize a person's 
signature even if it is signed upside down (i.e., where the 
cardholder is in front of a counter) or rotated to any other 
angle, where the signature is smaller or larger in size, or 
slightly different in details. 
g«^%^A.t the time^^f making a credit card purchase, the 
purcjiper^s signatur^is authenticated as follows, as shown 
in F - i - g , — 3r m The customer signs with an electronic pen on a 
digitizer tablet in tha store or on the digitizer tablet 
coupled to his home computer. The record of the signature is 
received 40 by the credit card company. The dynamic 
identification unit retrieves 42 the reference signature 
record of the cardholdlr. It may also retrieve 44 the 
personal ID code of the /cardholder from the company computer 
if the signature is erfcrypted with the personal ID code. 
Generally this is necessary when making purchases other that 
at point of sale. If\ the record of the signature was 



encrypted (described Vln detail hereinbelow) the record is now 
decrypted 46. If no recognizable signature record is received 
48, the signature is rejected. 

If the decryption results in a recognizable signature 
record, or if the signature record was not encrypted, the 
dynamic identification unit proceeds to ^identify the 
signature 50, as shown in detail in Fig. ^. The dynamic 

A 

identification unit traces 52 the vector lines in the 
signature record and fills a parameter table 54 with the 
various parameters. The parameter table of the signature 
record is compared 56 with the reference parameter table 
stored in the computer memory. 

Parameters for comparison are selected, for example, 
from the characteristics listed above. Any or all may be 
selected for use by the programmer. For example, the 
comparator can determine whether there is a significant 
difference in time of writing the signature 58, which could 
indicate copying rather than an authentic signature. It can 
determine whether there is a difference in the number of 
vectors 60, i.e., whether a letter has been added or omitted. 
It can look for a change in the angle of the pen 62. It can 
determine whether there is a change in the relative direction 
of the signature 63. And it can determine whether there are 
differences in pressure during signing 64. If any of the 
examined parameters is significantly different, i.e., outside 
the range of tolerances 66 (Fig. /() , the signature will be 
rejected. If the signature record meets all the 
characteristics of the reference signature record, the 
signature will be authenticated and accepted. An indication 
of acceptance is then sent to the point of purchase. 

When making transactions at the point of sale, generally 
the physical lines are sufficiently secure that no encryption 
is required, although it can be used, if desired. However, 
for transactions over the Internet, encryption is recommended 
to prevent theft of the credit card details. In this case, 
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the Web surfer will have his own digitizer tablet coupled to 
his computer. After typing in the credit card number, as in 
conventional credit card purchases over the net, a signature 
authentication software driver will pop an input window to 
5 the cardholder's screen. The cardholder will type his 
personal ID code and then sign his name on the digitizer 
tablet. The vectors produced during signature on the 
digitizer tablet are calculated and the software encrypts the 
signature data using the personal ID code as the encryption 
10 key, as known. 

The encrypted signature record is sent to the vendor, 
which may be a site on the Internet. The vendor forwards the 
M signature record, as is, to the credit card company for 

;s c; authentication of the signature. When the encrypted signature 

15 record reaches the credit card company, it^is authenticated 
u! as described above with reference to Figs. $ and When the 

'Zl reference signature data of the cardholder is retrieved, the 

encryption key is also retrieved, permitting the dynamic 
<;q identification unit to decrypt the signature record and 

H; 20 compare it with the reference signature. In accordance with 
the results of the comparison, the credit card company will 
^ notify the vendor that the signature is accepted or rejected. 

Preferably, the authenticating computer will include 
means for detecting hacking. For example, if two identical 
25 signatures are received, one after another, the computer is 
preferably programmed to reject the second signature, even if 
9 it falls within the personal signature profile. This is^ 
because, in real life, no one signs his or her name exactly 
the same way twice in a row. 
30 On the other hand, over time, a person's signature tends 

to change. Therefore, according to a preferred embodiment of 
the invention, updating means is provided for changing the 
personal signature profile or reference signature record, in 
accordance with perceived, consistent changes in the 
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signature. A flow chart of one example of suitable software 
for accomplishing this updating is illustrated in Fig. 6. 

In Fig. 6, the comparator receives the signature for 
authentication and compares it with the personal signature 
profile (block 70). If the result is not close to the edge of 
the tolerances or permitted variations, the comparator exits 
the program (block 72) . If the result is close to the edge of 
the tolerances or permitted variations, an invalid counter is 
incremented by one (block 74). The counter is checked (block 
76) and, if the result is less than a pre-selected number, 
e.g. 5, the comparator exits the program (block 78), If the 
results equal^ the pre-selected number, the old signature is 
replaced by the new signature (block 80) , and the Tolerance 
Table is rebuilt to include the new signature parameters and 

permitted variations (block 82). At the same time, the 

Invalid Counter is cleared. 

According to another embodiment of the invention, ttle^ 
signature authentication is utilized for network access, 
instead of a password. In this embodiment, the personal 
signature profile is provided to the network, in lieu of a 
personal password. When access to the network is desired, the 
user signs a digitizer coupled to his workstation, and the 
signature is compared with the personal signature profile^^ 
This method greatly increases security within the network, by 
preventing access to a hacker who discovered the password by 
unauthorized means, or to an unauthorized person who was 
given the password. 

It will be appreciated that the invention is not limited 
to what has been described hereinabove merely by way of 
example. Rather, the inventon is limited solely by the 
claims which follow. 
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